Command line tool and library for transferring data with URLs!

cURL
Report    Share

Browse by Company

Adobe, Apowersoft, Ashampoo, Autodesk, Avast, Corel, Cyberlink, Google, iMyFone, iTop, Movavi, PassFab, Passper, Stardock, Tenorshare, Wargaming, Wondershare

cURL

  -  6.3 MB  -  Freeware
Free Download

Security Status

  • Latest Version

    cURL 8.13.0 LATEST

  • Review by

    Daniel Leblanc

  • Operating System

    Windows 7 / Windows 8 / Windows 10 / Windows 11

  • User Rating

    Click to vote

  • Author / Product

    Daniel Stenberg / External Link

  • Filename

    curl-8.13.0.zip

cURL (Client URL) is a command-line tool and library designed for transferring data using various network protocols.

Originally developed by Daniel Stenberg, it has become an essential tool for developers, system administrators, and security professionals.

cURL for Windows supports multiple protocols, including HTTP, HTTPS, FTP, FTPS, SCP, SFTP, LDAP, and many more.

It is widely used for automating data transfer tasks, testing APIs, and debugging network issues.

Key Features

Multi-Protocol Support – Supports HTTP, FTP, IMAP, SMTP, LDAP, and many other protocols.

Secure Data Transfer – Provides support for TLS and SSL encryption.

User Authentication – Supports basic, digest, NTLM, Negotiate, and Kerberos authentication.

Proxy Support – Works with HTTP, SOCKS4, and SOCKS5 proxies.

Automated Scripting – Ideal for batch processing and scripting.

Cookie and Session Management – Supports handling cookies and maintaining sessions.

Header and Data Manipulation – Allows setting custom headers and sending POST, GET, and other HTTP methods.

Resume and Bandwidth Control – Supports resuming interrupted downloads and controlling bandwidth usage.

Cross-Platform Availability – Works on Windows, Linux, macOS, and many other operating systems.

Open-Source – Free to use and modify under the MIT license.

User Interface

cURL does not have a graphical user interface (GUI); it operates exclusively via the command-line interface (CLI).

Users interact with cURL by typing commands in the terminal or command prompt.

While this may seem complex for beginners, it is incredibly powerful and flexible for experienced users.

Installation and Setup

Download – Visit the official website or FileHorse.com and download the latest Windows binary.

Extract Files – Unzip the downloaded file to a directory of your choice.

Set Environment Variables – Add the cURL directory to the Windows PATH variable to run it from any command prompt.

Verify Installation – Open the command prompt and run curl --version to check if it is installed correctly.

How to Use

Basic Web Request:

curl https://www.example.com

Download a File:

curl -O https://www.example.com/file.zip

Send POST Request with Data:

curl -X POST -d "param1=value1&param2=value2" https://api.example.com

Use Authentication:

curl -u username:password https://api.example.com

Use Proxy:

curl -x http://proxy.example.com:8080 https://www.example.com

FAQ

Is cURL free to use?
Yes, cURL is open-source and completely free under the MIT license.

Can cURL handle JSON data?
Yes, it can send and receive JSON data using headers and data payloads.

How do I check if cURL is installed on Windows?
Run curl --version in the command prompt to verify installation.

Does cURL support file uploads?
Yes, using -F or --upload-file options, you can upload files to a server.

Can cURL resume downloads?
Yes, use the -C - option to resume a previously interrupted download.

Alternatives

Postman – GUI tool for testing APIs and HTTP requests.

Wget – Another command-line tool focused on downloading files.

HTTPie – A user-friendly command-line HTTP client.

ARIA2 – A lightweight, multi-threaded download utility.

PowerShell Invoke-WebRequest – Built-in Windows command for making web requests.

Pricing

This tool is completely FREE and open-source. There are no paid plans or licenses required.

System Requirements
  • Operating System: Windows 7, 8, 10, 11
  • Processor: Any x86 or x64 processor
  • RAM: Minimum 512MB (1GB recommended)
  • Storage: Less than 10MB for installation
  • Network: Required for most functionalities
PROS
  • Supports a wide range of protocols.
  • Free and open-source.
  • Lightweight with minimal system requirements.
  • Powerful for automation and scripting.
  • Available across multiple platforms.
CONS
  • No graphical user interface.
  • Requires knowledge of command-line syntax.
  • Limited built-in documentation.
  • Can be complex for beginners.
Conclusion

cURL is a powerful and indispensable tool for developers, system administrators, and security professionals. With its extensive protocol support, automation capabilities, and lightweight footprint, it stands out as one of the best command-line utilities for data transfer.

Download cURL Latest Version

What's new in this version:

Changed:
- curl: add write-out variable 'tls_earlydata'
- curl: make --url support a file with URLs
- gnutls: set priority via --ciphers
- IMAP: add CURLOPT_UPLOAD_FLAGS and --upload-flags
- lib: add CURLFOLLOW_OBEYCODE and CURLFOLLOW_FIRSTONLY
- OpenSSL/quictls: add support for TLSv1.3 early data
- rustls: add support for CERTINFO
- rustls: add support for SSLKEYLOGFILE
- rustls: support ECH w/ DoH lookup for config
- rustls: support native platform verifier
- var: add a '64dec' function that can base64 decode a string
- wolfssl: tls early data support

Fixed:
- addrinfo: add curl macro to avoid redefining foreign symbols
- asyn-thread: avoid the separate 'struct resdata' alloc
- asyn-thread: avoid the separate curl_mutex_t alloc
- asyn-thread: do not allocate thread_data separately
- asyn-thread: remove 'status' from struct Curl_async
- autotools: fix `dllmain.c` in unity builds
- autotools: fix `libtest` bundle to depend on `FIRSTFILES`
- autotools: use `CURLDEBUG` to exclude TrackMemory code from unity
- aws_sigv4: cannot be used for proxy
- aws_sigv4: merge repeated headers in canonical request
- aws_sigv4: use strparse more for parsing
- base64: drop `BUILDING_CURL` macro, always include in tests/server
- build: add Windows CE / CeGCC support, with CI jobs
- build: cmake multi-pkg-config detection improvements (brotli, ldap, mbedtls)
- build: do not apply curl debug macros to `tests/server` by default
- build: drop unused `getpart` tool
- build: enable -Wjump-misses-init for GCC 4.5+
- build: enable `-Wcast-qual`, fix or silence compiler warnings
- build: fix compiler warnings in feature detections
- build: replace Curl_ prefix with curlx_ for functions used in servers
- build: set `-O3` and tune WinCE in CI, fix `getpart`, `vtls_scache` fallouts
- build: set `HAVE_STDINT_H` if `stdint.h` is available
- build: set `HAVE_WRITABLE_ARGV` for Apple cross-builds
- build: silence bogus `-Wconversion` warnings with gcc 5.1-5.4
- build: silence mingw32ce C99 format warnings, simplify CI
- build: tidy-ups around `inet_pton`
- c-ares httpsrr: fix ifdef
- c-ares: error out for unsupported versions, drop unused macros
- ca-native.md: sync with CURLSSLOPT_NATIVE_CA
- cf-socket: deduplicate Windows Vista detection
- cf-socket: remove empty switch
- client writer: handle pause before decoding
- cmake: `CURL_LIBDIRS` improvements (upstreamed from vcpkg)
- cmake: `SHARE_LIB_OBJECT=ON` requires CMake 3.12 or newer
- cmake: add custom command scripts as dependencies where missing
- cmake: add pre-fill for Unix, enable in GHA/macos, verify pre-fills
- cmake: add shell completion support
- cmake: allow `CURL_STATIC_CRT` with shared libcurl and no curl exe
- cmake: allow `CURL_STATIC_CRT` with UCRT VS2015+ builds
- cmake: allow empty `IMPORT_LIB_SUFFIX`, add suffix collision detection
- cmake: avoid `-Wnonnull` warning in `HAVE_FSETXATTR_5` detection
- cmake: disable HTTPS-proxy as a feature if proxy is disabled
- cmake: drop `CURL_DISABLE_TESTS` option
- cmake: drop `HAVE_C_FLAG_Wno_long_double` logic for ancient Apple gcc
- cmake: drop `HAVE_IN_ADDR_T` from pre-fill too
- cmake: drop two stray TLS feature checks for wolfSSL
- cmake: exclude `-MP` for `clang-cl` again
- cmake: fix `HAVE_ATOMIC`/`HAVE_STDATOMIC` pre-fill for clang-cl
- cmake: fix clang-tidy builds to verify tests, fix fallouts
- cmake: fix detection pre-fills for iOS
- cmake: fix ECH detection in custom-patched OpenSSL
- cmake: fix typo in ECH config error msg
- cmake: hide empty `MINGW64_VERSION` output for mingw32ce
- cmake: improve httpd detection for pytest
- cmake: mention 'insecure' in the debug build warning
- cmake: misc tidy-ups
- cmake: pre-fill known type sizes for Windows OSes
- cmake: replace CMAKE_COMPILER_IS_GNUCC with CMAKE_C_COMPILER_ID
- cmake: replace exec_program() with execute_process()
- cmake: restrict static CRT builds to static curl exe, test in CI
- cmake: sync cutoff version with autotools for picky option `-ftree-vrp`
- cmake: sync OpenSSL(-fork) feature checks with `./configure`
- cmake: unity mode optimization for non-`CURLDEBUG` `testdeps` targets
- CODE_STYLE: readability and banned functions
- config-win32: set `HAVE_STDINT_H` where available
- configure: call the blocking resolver "blocking", not "default"
- configure: fix ECH detection with MultiSSL
- configure: silence compiler warnings in feature checks, drop duplicates
- configure: tidy up shell completion rules
- configure: use `curl_cv_apple` variable
- conn: eliminate `conn->now`
- conn: fix connection reuse when SSL is optional
- conncache: eliminate `conn->destination_len` as premature optimization
- contributors.sh: lowercase 'github' for consistency
- contrithanks.sh: update docs/THANKS in place
- cookie: do prefix matching case-sensitively
- cookie: minor parser simplification
- cookie: simplify invalid_octets()
- core: stop redefining `E*` macros on Windows, map `EACCES`, related fixes
- curl.h: change some enums to defines with L suffix
- curl.h: convert CURLUSESSL* names to defines
- curl.h: stop defining non-curl `__has_declspec_attribute`
- curl.h: switch `CURL_HTTP_VERSION*` enums to long constants
- curl/system.h: drop leftover comment about 32 bit curl_off_t
- curl: add my_setopt_long() and _offt()
- curl_msh3: remove verify bypass from DEBUGBUILDs
- curl_setup: drop `ERANGE` (for WinCE), no longer used
- curl_setup_once: drop `E*` macro redefines unused (with winsock2)
- curl_setup_once: stop redefining `ENAMETOOLONG` to winsock2 error code
- curl_trc: fix build with CURL_DISABLE_VERBOSE_STRINGS
- curl_ws_recv.md: expand a little on the fragments the API delivers
- CURLMOPT_SOCKETFUNCTION.md: add advice for socket callback invocation
- CURLOPT_HTTPHEADER.md: add comments to the example
- CURLOPT_HTTPHEADER.md: rephrases
- curltime: use libcurl time functions in src and tests/server
- DISABLED: add 313 for sectransp (move from GHA/macos)
- docs/cmdline-opts: use imperative form
- docs: adapt to removed --with-random
- docs: add FD_ZERO to curl_multi_fdset example
- docs: bump `rustls` to 0.14.1
- docs: correct argument names & URL redirection
- docs: minor edits to please the new spellchecker regime
- docs: rework RUSTLS install instructions
- docs: unify HTTP version style in --help output
- docs: vulnerabilities in debug code are not eligible for a bounty
- doh: improve HTTPS RR svcparams parsing
- doh: remove wrong but unreachable exit path from doh_decode_rdata_name
- dynbuf: assert init on free
- easy: drop `break` after `return`
- easy: fix warning about possible comma misuse
- eventfd: allow use on all CPUs
- examples: prefer `return` over `exit()` (cont.)
- ftp/sftp: strdup data info memory
- ftp: fix comment
- gnutls: fix connection state check on handshake
- gnutls: fix use of pkcs11 urls for keys/certs
- gtls: fix uninitialized variable
- hash: use single linked list for entries
- hostip: don't use alarm() for DoH resolves
- hostip: make CURLOPT_RESOLVE support replacing IPv6 addresses
- http2: add on_invalid_frame callback for error detection
- http2: detect session being closed on ingress handling
- http2: enhance error messages on Curl_dyn* upon receiving headers
- http2: fix stream assignemnt for pushes
- http2: reset stream on response header error
- HTTP3.md: only speak about minimal versions
- http: convert parsers to strparse
- http: fix NTLM info message typo
- http: fix the auth check
- http: make the RTSP version check stricter
- http: negotiation and room for alt-svc/https rr to navigate
- http: remove a HTTP method size restriction
- http: version negotiation
- http_chunks: replace a strofft call with curl_str_hex
- https-rr: implementation improvements
- httpsrr: fix port detection
- httpsrr: fix the HTTPS-RR threaded-resolver build combo
- INFRASTRUCTURE.md: add IRC and Matrix details
- INSTALL-CMAKE.md: CMake usage updates
- INSTALL-CMAKE.md: mention `ZLIB_USE_STATIC_LIBS`
- lib1156: pass longs to `curl_easy_setopt()`
- lib1560: test set path containing LR or CR
- lib2302: fix crash due to stack overflow on MSVC and clang Windows
- lib696: fix building on Windows in non-bundle mode
- lib: better optimized casecompare() and ncasecompare()
- lib: clear up CURLRES_ASYNCH vs USE_CURL_ASYNC use
- lib: fix two curlx_strtoofft invokes
- lib: rename curlx_strtoofft to Curl_str_numblanks()
- lib: replace while(ISBLANK()) loops with Curl_str_passblanks()
- lib: simplify more white space loops
- lib: strtoofft.h header cleanup
- lib: use Curl_str_* instead of strtok_r()
- lib: use Curl_str_number() for parsing decimal numbers
- libssh2: fix freeing of resources in disconnect
- libssh2: fix memory leak in `SSH_SFTP_REALPATH` state
- libssh2: fix to ignore `known_hosts` if SHA256 host public key is set
- libssh2: print user with verbose flag
- libssh2: show crypto backend in the verbose connect log
- libssh: fix freeing of resources in disconnect
- libssh: fix scp large file upload for 32-bit size_t systems
- libtest/first.c: remove the Test: stderr output for unity builds
- libtest/libprereq.c: set CURLOPT_FOLLOWLOCATION with a long
- managen: accept more markdown-quote-markers
- managen: correct the warning for un-escaped '<' and '>'
- mbedtls: re-enable an error check
- memdebug.h: avoid `-Wredundant-decls` with an extra guard
- memdebug: drop dynamic allocation from `curl_dbg_log()`
- mprintf: switch three number parsers to use strparse
- mqtt: convert sendleftovers to dynbuf
- msvc: drop support for VS2005 and older
- multi: call protocol handler done() if PROTOCONNECT or later
- multi: event based rework
- multi: kill off remaining internal handles in curl_multi_cleanup
- multi: start the loop over when handles are removed
- multi_ev: fixes regarding connection shutdowns
- ngtcp2: do not iterate over multi handles
- ntlm: merge ntlm.h into ntlm.c
- openssl-quic: do not iterate over multi handles
- openssl: check return value of X509_get0_pubkey
- openssl: drop support for old OpenSSL/LibreSSL versions
- openssl: fix crash on missing cert password
- openssl: fix pkcs11 URI checking for key files.
- openssl: remove bad `goto`s into other scope
- prox/preproxy.md: document argument within <brackets>
- pytest: test negotiate with http proxy
- quiche: do not iterate over multi handles
- RELEASE-PROCEDURE.md: explain release candidates
- request: clear sendbuf_hds_len when resetting request bufq
- resolve: fix building without Unix sockets and `CURLDEBUG`
- runtests: accept `CURL_DIRSUFFIX` without ending slash
- runtests: add feature-based filtering
- runtests: check and report if `diff` tool is missing
- runtests: drop logic calling the `handle` tool (Windows)
- runtests: drop recognizing 'winssl' as Schannel
- runtests: drop ref to unused external function
- runtests: fix bundled test invocation with `-g` option
- runtests: fix SSH server not starting in cases, re-ignore failing vcpkg CI jobs
- runtests: fix test key format for libssh2 WinCNG (and others)
- runtests: generate certs dynamically, bump to EC-256, tidy up
- runtests: recognize AWS-LC as OpenSSL
- runtests: rewrite `genserv.sh` in Perl
- runtests: support multi-target cmake, drop workarounds from CI
- runtests: support running tests under wine or qemu (cont.)
- runtests: support running tests under wine or qemu
- runtests: use `setfacl` on Cygwin/MSYS, if present
- rustls: add ECH support w/ string ECH config
- rustls: cap maximum allowed CRL file size to 8MB
- rustls: support ECH GREASE
- rustls: use client cert and key if available
- schannel: deduplicate Windows Vista detection
- schannel: enable ALPN support under WINE 6.0+
- schannel: enable ALPN with MinGW, fix ALPN for UWP builds
- schannel: guard ALPN init code to ALPN builds
- scripts/managen: fix option 'single'
- scripts/managen: fix parsing of markdown code sections
- scripts: update completion.pl to parse options from docs
- sectransp: add support for HTTP/2 in gcc builds
- sendf: client reader line conversion: do not change data->state.infilesize
- setopt: illegal CURLOPT_SOCKS5_AUTH should return error
- setopt: remove unnecessary void pointer typecasts
- setopt: setting PROXYUSERPWD after PROXYUSERNAME/PASSWORD is fine
- shutdowns: split shutdown handling from connection pool
- socks: remove bad assert from do_SOCKS5()
- src: avoid strdup on platforms not doing UTF-8 conversions
- src: cleanup ISBLANK vs ISSPACE
- src: remove Curl_ prefix from tool-specific function
- src: remove final uses of Curl_ symbol prefixes in tool code
- src: replace strto[u][ld] with curlx_str_ parsers
- ssh: consider sftp quote commands case sensitive
- sshserver.pl: adjust `AuthorizedKeysFile2` cutoff version
- sshserver.pl: use Perl `chmod`
- sshserver: fix excluding obsolete client config lines
- ssl session cache: add exportable flag
- SSLCERTS: list support for SSL_CERT_FILE and SSL_CERT_DIR
- strparse: make Curl_str_number() return error for no digits
- strparse: switch the API to work on 'const char *'
- strparse: switch to curl_off_t as base data type
- test1022: add support for rc releases
- test1167: catch #defines with extra whitespace
- test313: disable CRL test for Schannel due to lack of support and flakiness
- test313: disable via `<features>` for backends without CRL support
- test489: set output dir
- test612: SCP `rm` the uploaded remote file (not the local source), unignore in CI
- test613: make it pass on Windows, fix postprocess, unignore in CI
- test615: fix for Cygwin, unignore in CI
- tests/certs: cleanup
- tests/server: drop unused `base64.pl`
- tests/server: fix to check against winsock2 error codes on Windows
- tests/server: give global `path` variable a more descriptive name
- tests/server: make the signal handler signal-safe
- tests/server: replace `errno` with `SOCKERRNO` in sockfilt, socksd, sws
- tests/server: replace `strerror` with `sstrerror` in socksd
- tests/server: support bundle binary
- tests/server: sync `wait_ms()` with the libcurl implementation
- tests/server: use `curlx_str_numblanks()` to avoid `errno`
- tests/servers.pm: remove unused variable 'portrange'
- tests: build non-debug unit tests with autotools, run them
- tests: fix comment in lib533
- tests: fix enum/int confusion, fix autotools `CFLAGS` for `servers`
- tests: make sure 'commands.log' is generated in the correct logdir
- tests: mark tests 1631, 1632 flaky
- tests: reformat error messages to avoid tripping MSBuild
- tests: remove base64 encoded sections
- tests: Remove unused variables
- tests: replace remaining non-ASCII bytes with hex markup
- tftpd: prefix TFTP protocol error `E*` constants with `TFTP_`
- tidy-up: align MSYS2/Cygwin codepaths, follow Cygwin `MAX_PID` bump
- tidy-up: delete, comment or scope C macros reported unused
- tidy-up: drop unused `CURL_INADDR_NONE` macro and `in_addr_t` type
- tidy-up: use `CURL_ARRAYSIZE()`
- timediff: fix comment for curlx_mstotv()
- timediff: remove unnecessary double typecast
- tool_dirhie: create dir hierarchy without strtok
- tool_getparam: clear sensitive arguments better
- tool_getparam: do parse_upload_flags without the alloc/free
- tool_getparam: parse --trace-config without strdup()/free()
- tool_getparam: parse_header() without strtok
- tool_operate: change "1 retries" to "1 retry"
- tool_operate: fail SSH transfers without server auth
- tool_operate: fix pluralization of seconds
- tool_operate: remove unnecessary (long) typecasts
- tool_paramhlp: do --proto parsing without strtok
- tool_parsecfg: make my_get_line skip comments and newlines
- tool_setopt: reduce use of "code hiding" macros
- url: call protocol handler's disconnect in Curl_conn_free
- urlapi: fix redirect from file:// with query, and simplify
- urlapi: remove percent encoded dot sequences from the URL path
- urlapi: simplify junkscan
- urldata: remove 'hostname' from struct Curl_async
- variable.md: clarify 'trim' example
- vquic: obey IOV_MAX
- vtls: fix compiler warnings seen with gcc 7.3.0 and mbedTLS
- winbuild: reduce command-line length by dropping whitespace
- windows: do not use winsock2 `inet_ntop()`/`inet_pton()`
- windows: drop code and curl manifest targeting W2K and older
- windows: fix issues detected by clang-tidy, and some more
- wolfssh: fix freeing of resources in disconnect
- wolfssh: retrieve the error using wolfSSH_get_error
- wolfssl: fix CA certificate multiple location import
- wolfssl: fix unused variable warning
- wolfssl: warn if CA native import option is ignored
- wolfssl: when using PQ KEM, use ML-KEM, not Kyber
- ws: corrected curlws_cont to reflect its documented purpose
- ws: fix and extend CURLWS_CONT handling
- zlib: bump minimum to 1.2.5.2 (was: 1.2.0.4)

Top Downloads

More Popular Software »